| < draft-briscoe-docsis-q-protection-04.txt | draft-briscoe-docsis-q-protection-05.txt > | |||
|---|---|---|---|---|
| Network Working Group B. Briscoe, Ed. | Network Working Group B. Briscoe, Ed. | |||
| Internet-Draft Independent | Internet-Draft Independent | |||
| Intended status: Informational G. White | Intended status: Informational G. White | |||
| Expires: 11 November 2022 CableLabs | Expires: 12 November 2022 CableLabs | |||
| 10 May 2022 | 11 May 2022 | |||
| The DOCSISĀ® Queue Protection Algorithm to Preserve Low Latency | The DOCSISĀ® Queue Protection Algorithm to Preserve Low Latency | |||
| draft-briscoe-docsis-q-protection-04 | draft-briscoe-docsis-q-protection-05 | |||
| Abstract | Abstract | |||
| This informational document explains the specification of the queue | This informational document explains the specification of the queue | |||
| protection algorithm used in DOCSIS technology since version 3.1. A | protection algorithm used in DOCSIS technology since version 3.1. A | |||
| shared low latency queue relies on the non-queue-building behaviour | shared low latency queue relies on the non-queue-building behaviour | |||
| of every traffic flow using it. However, some flows might not take | of every traffic flow using it. However, some flows might not take | |||
| such care, either accidentally or maliciously. If a queue is about | such care, either accidentally or maliciously. If a queue is about | |||
| to exceed a threshold level of delay, the queue protection algorithm | to exceed a threshold level of delay, the queue protection algorithm | |||
| can rapidly detect the flows most likely to be responsible. It can | can rapidly detect the flows most likely to be responsible. It can | |||
| skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 11 November 2022. | This Internet-Draft will expire on 12 November 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 3, line 43 ¶ | skipping to change at page 3, line 43 ¶ | |||
| from the harm due to excess queuing that would otherwise be caused by | from the harm due to excess queuing that would otherwise be caused by | |||
| such anomalous behaviour. | such anomalous behaviour. | |||
| In normal scenarios without misclassified traffic, QProt is not | In normal scenarios without misclassified traffic, QProt is not | |||
| expected to intervene at all in the classification or forwarding of | expected to intervene at all in the classification or forwarding of | |||
| packets. | packets. | |||
| An overview of how low latency support has been added to DOCSIS | An overview of how low latency support has been added to DOCSIS | |||
| technology is given in [LLD]. In each direction of a DOCSIS link | technology is given in [LLD]. In each direction of a DOCSIS link | |||
| (upstream and downstream), there are two queues: one for Low Latency | (upstream and downstream), there are two queues: one for Low Latency | |||
| and one for Classic traffic, in an arrangement similar to the IETF's | (LL) and one for Classic traffic, in an arrangement similar to the | |||
| Coupled DualQ AQM [I-D.ietf-tsvwg-aqm-dualq-coupled]. The two queues | IETF's Coupled DualQ AQM [I-D.ietf-tsvwg-aqm-dualq-coupled]. The two | |||
| enable a transition from 'Classic' to 'Scalable' congestion control | queues enable a transition from 'Classic' to 'Scalable' congestion | |||
| so that low latency can become the norm for any application, | control so that low latency can become the norm for any application, | |||
| including ones seeking both full throughput and low latency, not just | including ones seeking both full throughput and low latency, not just | |||
| low-rate applications that have been more traditionally associated | low-rate applications that have been more traditionally associated | |||
| with a low latency service. The Classic queue is only necessary for | with a low latency service. The Classic queue is only necessary for | |||
| traffic such as traditional (Reno/Cubic) TCP that needs about a round | traffic such as traditional (Reno/Cubic) TCP that needs about a round | |||
| trip of buffering to fully utilize the link, and therefore has no | trip of buffering to fully utilize the link, and therefore has no | |||
| incentive to mismark itself as low latency. The QProt function is | incentive to mismark itself as low latency. The QProt function is | |||
| located at the ingress to the Low Latency queue. Therefore, in the | located at the ingress to the Low Latency queue. Therefore, in the | |||
| upstream QProt is located on the cable modem (CM), and in the | upstream QProt is located on the cable modem (CM), and in the | |||
| downstream it is located on the cable CMTS (CM Termination System). | downstream it is located on the cable CMTS (CM Termination System). | |||
| If an arriving packet triggers queue protection, the QProt algorithm | If an arriving packet triggers queue protection, the QProt algorithm | |||
| skipping to change at page 11, line 39 ¶ | skipping to change at page 11, line 39 ¶ | |||
| * either of: | * either of: | |||
| - source and destination port numbers, for TCP, UDP, UDP-Lite, | - source and destination port numbers, for TCP, UDP, UDP-Lite, | |||
| SCTP, DCCP, etc. | SCTP, DCCP, etc. | |||
| - Security Parameters Index (SPI) for IPSec Encapsulating | - Security Parameters Index (SPI) for IPSec Encapsulating | |||
| Security Payload (ESP) [RFC4303]. | Security Payload (ESP) [RFC4303]. | |||
| The Microflow Classification section of the Queue Protection Annex of | The Microflow Classification section of the Queue Protection Annex of | |||
| the DOCSIS spec. [DOCSIS] defines various strategies to find these | the DOCSIS spec. [DOCSIS] defines various strategies to find these | |||
| headers by skipping extension headers or encapsulations. If they | headers by skipping extension headers or encapsulations. If they | |||
| cannot be found, the spec. defines various less-specific 3-tuples | cannot be found, the spec. defines various less-specific 3-tuples | |||
| that would be used. The DOCSIS spec. should be referred to for all | that would be used. The DOCSIS spec. should be referred to for all | |||
| these strategies, which will not be repeated here. | these strategies, which will not be repeated here. | |||
| The array of bucket structures defined below is used by all the Queue | The array of bucket structures defined below is used by all the Queue | |||
| Protection functions: | Protection functions: | |||
| <CODE BEGINS> | <CODE BEGINS> | |||
| struct bucket { // The leaky bucket structure to hold per-flow state | struct bucket { // The leaky bucket structure to hold per-flow state | |||
| skipping to change at page 29, line 16 ¶ | skipping to change at page 29, line 16 ¶ | |||
| redirection of whole-flows once enough of the individual packets of a | redirection of whole-flows once enough of the individual packets of a | |||
| certain offending flow had been redirected. This would free up the | certain offending flow had been redirected. This would free up the | |||
| buckets used to maintain the per-packet queuing score of persistent | buckets used to maintain the per-packet queuing score of persistent | |||
| offenders. Whole-flow redirection is outside the scope of the | offenders. Whole-flow redirection is outside the scope of the | |||
| current version of the QProt algorithm specified here, but it is | current version of the QProt algorithm specified here, but it is | |||
| briefly discussed at the end of Section 5.5. | briefly discussed at the end of Section 5.5. | |||
| It might be considered that all the packets of persistently offending | It might be considered that all the packets of persistently offending | |||
| flows ought to be discarded rather than redirected. However, this is | flows ought to be discarded rather than redirected. However, this is | |||
| not recommended, because attack flows might be able to pervert whole- | not recommended, because attack flows might be able to pervert whole- | |||
| flow discard, turning it onto at least some innocent flows. thus | flow discard, turning it onto at least some innocent flows, thus | |||
| amplifying an attack that causes reordering into total deletion of | amplifying an attack that causes reordering into total deletion of | |||
| some innocent flows. | some innocent flows. | |||
| 9.1.2. Exhausting Processing Resources | 9.1.2. Exhausting Processing Resources | |||
| The processing time needed to apply the QProt algorithm to each L | The processing time needed to apply the QProt algorithm to each L | |||
| packet is small and intended not to take all the time available | packet is small and intended not to take all the time available | |||
| between each of a run of fairly small packets. However, an attack | between each of a run of fairly small packets. However, an attack | |||
| could use minimum size packets launched from multiple input | could use minimum size packets launched from multiple input | |||
| interfaces into a lower capacity output interface. Whether the QProt | interfaces into a lower capacity output interface. Whether the QProt | |||
| End of changes. 6 change blocks. | ||||
| 10 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||